
Signature Scanning and Algorithmic Detection

A common class of anti-virus tools employs the complementary techniques of signature scanning and algorithmic detection. Tools in this class are known as scanners. Scanners are static analysis detection tools (i.e., they help detect the presence of a virus). They also perform a more limited role as identification tools (i.e., they help determine the specific virus detected). They are primarily used to detect whether an executable contains virus code, but they can also be used to detect resident viruses by scanning memory instead of executables.

Scanners may be employed proactively or reactively. Proactive application of scanners is achieved by scanning all executables introduced to the system. Reactive application requires scanning the system at regular intervals (e.g., weekly or monthly).
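
As an added illustration (not part of the original text), the following Python sketch shows a signature scanner that separates detection from identification and applies the same routine to a memory buffer, a single file's contents, or a whole directory tree. The signature bytes, virus names and function names are constructed for the example; that one pattern is shared by two variants is an assumption made to show why identification is the weaker of the two roles.

```python
import os

# Constructed signature table: these byte patterns and names are made up
# for this example and do not correspond to any real virus.
SIGNATURES = {
    bytes.fromhex("deadbeef4e495354"): ["Example.A"],
    # Assumption: one pattern shared by two variants, so a hit detects
    # an infection but cannot say which variant is present.
    bytes.fromhex("cafe0badf00d9090"): ["Example.B1", "Example.B2"],
}


def scan_bytes(data):
    """Scan a buffer (file contents or a memory image); return (offset, names) hits."""
    hits = []
    for pattern, names in SIGNATURES.items():
        start = data.find(pattern)
        while start != -1:
            hits.append((start, names))
            start = data.find(pattern, start + 1)
    return sorted(hits)


def report(data):
    """Detection is any hit; identification needs exactly one candidate name."""
    hits = scan_bytes(data)
    candidates = sorted({n for _, names in hits for n in names})
    return {
        "detected": bool(hits),
        "identified": candidates[0] if len(candidates) == 1 else None,
        "candidates": candidates,
    }


def scan_tree(root):
    """Reactive use: walk a directory tree and report every file with a hit."""
    infected = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                result = report(fh.read())
            if result["detected"]:
                infected[path] = result
    return infected


if __name__ == "__main__":
    sample = b"MZ" + bytes(10) + bytes.fromhex("cafe0badf00d9090")  # constructed
    print(report(sample))
```

Proactive use corresponds to calling `report` on each new executable before it is admitted to the system; reactive use corresponds to running `scan_tree` on a schedule.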



konczal@csrc.ncsl.nist.gov
Fri Mar 11 21:26:02 EST 1994